Glossary

SAQ – Self Assessment Questionnaire – the form of self-check for merchants and service providers with low transaction volume (see compliance levels) if they are compliant with PCI DSS

AoC – Attestation of Compliance – formal document confirming compliance with PCI DSS. It is completed either by Merchant/Service Provider (if they are eligible to fill SAQ) or by PCI QSA at the end of PCI QSA on-site audit.

AoSC – Attestation of Scan Compliance – document confirming passing or failing a PCI ASV scan (issued after PCI ASV scanning as a part of report)

RoC – Report on Compliance – large document (over 300 pages) that is completed during PCI QSA on-site audit. This document is usually only shared with card organizations (such as VISA/Mastercard)

CoC – Certificate of Compliance – issued by SC2labs for marketing and PR purposes. This is not a formal confirmation on compliance (AoC is a formal document)

SoA – VISA Scope of Audit – additional document required by VISA for entities that would like to register with VISA as a member agent.